If the OP's friend knows their passphrase is one of a dozen or so possibilities, the setup/reading the documentation for something like btcrecover may take longer than using iancoleman's tool.
It is the proper way to do it, though. If they don't know the passphrase, they can't be really trying a different password each time, even for a dozen of times. Let alone if the password is a long one which increases the odds of having few characters forgotten.
There is no "proper" way to try to bruteforce something.
While this is a bad security practice, many people reuse passwords, or reuse passwords while appending something to the end of a password each time a new one is created. If this is the case, there is a decent change the OP's friend knows her passphrase is one of a dozen or so potential passphrases, but isn't sure which one, and she can check them all in a few minutes.
You'll most likely end up on brute forcing with btcrecover, so why not just do it in the first place?
There are setup costs associated with using a program/script such as btcrecover such as reading the documentation to figure out how to use it. Spending 30 minutes "manually" checking potential passphrases before using a tool to systematically trying to bruteforce the passphase is not going to hurt anyone.